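<?php
// Login handler: checks the posted account id ('matvv') and password
// ('matkhau') against the `tvv` table and, on a match, stores the account
// in the session and forwards to /Main.php. A failed check forwards to
// /index.php?call=invalid; a request without an account id forwards to
// /index.php.
//
// NOTE(review): passwords are stored as unsalted MD5, which is cheap to
// brute-force offline. Moving to password_hash()/password_verify() (with a
// rehash on the next successful login) needs a schema/data migration and is
// therefore not done in this file.
// NOTE(review): nothing here limits or records failed attempts; the history
// INSERT that used to follow a successful login was commented out. If audit
// logging is restored, build that statement with escaped or bound values.

session_start();
require_once ($_SERVER['DOCUMENT_ROOT']."/dao/dbConnection.php");
require_once ($_SERVER['DOCUMENT_ROOT']."/control/Utils.php");
$connectionstring = ConnectMainDatabase();

// Both fields must be plain strings: an array-valued POST field would
// otherwise be interpolated as "Array" or make md5() emit a warning.
$matvv = (isset($_POST['matvv']) && is_string($_POST['matvv'])) ? $_POST['matvv'] : "";
$matkhau = (isset($_POST['matkhau']) && is_string($_POST['matkhau'])) ? $_POST['matkhau'] : "";

if ($matvv != "")
{
	// The account id comes straight from the request, so it is escaped for
	// this connection before being placed inside the quoted SQL literal.
	// Assumes the connection charset was set with mysql_set_charset() -- confirm
	// in dbConnection.php, since the escaping is charset-dependent.
	$matvv_sql = mysql_real_escape_string($matvv, $connectionstring);
	$query = "SELECT * FROM tvv WHERE matvv = '$matvv_sql' AND trangthai = 'active'";
	$queryexe = mysql_query($query, $connectionstring);

	// A failed query is treated like a failed login instead of being handed
	// to mysql_fetch_array() as `false`.
	if ($queryexe !== false) {
		$submitted_hash = md5($matkhau);

		while ($row = mysql_fetch_array($queryexe)) {
			$user = $row['matvv'];
			$pass_on_db = $row['matkhau'];
			$status = $row['trangthai'];

			// Strict comparison: with `==`, two different digests that both
			// look like "0e<digits>" compare equal as numbers.
			if ($submitted_hash === $pass_on_db)
			{
				// Issue a fresh session id on privilege change so an id that
				// was planted before login cannot be reused afterwards.
				session_regenerate_id(true);

				$_SESSION["matvv"] = $user;
				// NOTE(review): keeping the password hash in the session exposes
				// it to anything that can read session storage. It is kept
				// because other pages may read it -- verify and drop if unused.
				$_SESSION["matkhau"] = $pass_on_db;
				$_SESSION["trangthai"] = $status;

				URL_forward("/Main.php", "1");
				exit();
			}
		}
	}

	URL_forward("/index.php?call=invalid", "1");
	exit();
} else {
	URL_forward("/index.php", "5");
}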